NetBSD-Bugs archive


port-i386/44995: PAE cpu_load_pmap doesn't seem safe



>Number:         44995
>Category:       port-i386
>Synopsis:       PAE cpu_load_pmap doesn't seem safe
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-i386-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 26 03:20:00 +0000 2011
>Originator:     YAMAMOTO Takashi
>Release:        NetBSD current
>Organization:
        
>Environment:
        
        
Architecture: i386
Machine: i386
>Description:
        in the case of PAE, cpu_load_pmap modifies L3 PDIR for
        the current cpu with the following code.

                l3_pd[i] = pmap->pm_pdirpa[i] | PG_V;

        this likely will be compiled into two 32-bit mov instructions
        and nothing prevents a page table walk between them.

>How-To-Repeat:
        
>Fix:
        make cr3 simply point to the recursive mapping part of the second
        level PTP?  (i haven't confirmed if this is possible.  just an idea.)

>Unformatted:
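
The torn update described in this PR, modelled as an added example (not part of the original report and not NetBSD code): it computes what a 64-bit entry holds after only one of the two 32-bit stores has landed, and for contrast counts the intermediate states of a three-store ordering that keeps PG_V clear while the halves disagree. That ordering is not the fix proposed above, and whether a transiently invalid entry is acceptable for a live L3 is not addressed here. The sample entry values and all helper names are constructed for illustration; only `PG_V` comes from the report.

```c
#include <stdint.h>
#include <stdio.h>

#define PG_V 0x1ULL /* valid bit, as in the PR's snippet */
/* Constructed sample entries: frames above 4 GiB so the high words differ. */
#define SAMPLE_OLD  (0x0000000123456000ULL | PG_V)
#define SAMPLE_NEXT (0x00000002abcde000ULL | PG_V)

/* A 64-bit PAE entry as 32-bit code stores it: two separate words. */
typedef struct { uint32_t lo, hi; } pae_entry;

static pae_entry split(uint64_t v) {
    pae_entry e = { (uint32_t)v, (uint32_t)(v >> 32) };
    return e;
}
static uint64_t join(pae_entry e) { return ((uint64_t)e.hi << 32) | e.lo; }

/* Entry contents after only the first of the two 32-bit stores has landed. */
uint64_t torn_value(uint64_t old, uint64_t next, int low_word_first) {
    pae_entry e = split(old);
    if (low_word_first) e.lo = split(next).lo;
    else                e.hi = split(next).hi;
    return join(e);
}

/* Marked valid, yet neither the old nor the new entry. */
int is_bogus_valid(uint64_t seen, uint64_t old, uint64_t next) {
    return (seen & PG_V) != 0 && seen != old && seen != next;
}

/* Three stores: clear lo (drops PG_V), set hi, set lo. Counts bogus states. */
int guarded_update_bogus_states(uint64_t old, uint64_t next) {
    pae_entry e = split(old);
    int bogus = 0;
    e.lo = 0;              bogus += is_bogus_valid(join(e), old, next);
    e.hi = split(next).hi; bogus += is_bogus_valid(join(e), old, next);
    e.lo = split(next).lo; bogus += is_bogus_valid(join(e), old, next);
    return bogus;
}

int main(void) {
    for (int first = 0; first <= 1; first++) {
        uint64_t t = torn_value(SAMPLE_OLD, SAMPLE_NEXT, first);
        printf("%s word first: 0x%llx bogus=%d\n", first ? "low" : "high",
               (unsigned long long)t, is_bogus_valid(t, SAMPLE_OLD, SAMPLE_NEXT));
    }
    printf("guarded: bogus states=%d\n",
           guarded_update_bogus_states(SAMPLE_OLD, SAMPLE_NEXT));
    return 0;
}
```

When the old and new entries share the same high word, the torn value equals one of the two and no bogus state appears in this model.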
        
        

